Iran's report came shortly after Cisco's Talos research group warned that there had been "several incidents" around the world where "specific advanced actors" had targeted its switches using Smart Install. There had been a spike in scanning as of November 2017, and it only increased in intensity in March and April.
The damage, at least in Iran, might be minimal -- Iran said it tackled the flaw within hours, and that it hadn't lost data. However, the reach of the attack and its messaging are more than a little baffling. If this was a warning over election meddling, why not focus on Russia instead of countries that could frequently be victims of those attacks? This could be an indiscriminate protest, or even a deliberate attempt to throw investigators off the trail by foisting the blame on one country.
Whoever's responsible, the cyberattacks highlight a recurring problem: many of the breaches in recent months have been the result of lax security practices. These switches could have been fixed in time to prevent the attack, but a slow response left them wide open. It may take a long time before a clear majority of network operators treat patches and operating system upgrades as high priorities.
Update: In a response to Motherboard, the attackers claimed this was a protest against Russia and other countries meddling in American elections. Also, some of the targets were Russian. It's still odd that the US and other countries got caught in the crossfire (especially as the attackers claimed they fixed the flaws on US and UK devices), but the campaign makes more sense as a result.